By default, ClickOnce applications are given a level of trust on client computers that prevents them from engaging in potentially malicious activity, such as deleting data from the hard drive or accessing the network. A ClickOnce application can use either permission elevation or Trusted Application Deployment to request a higher level of trust:

Permission elevation asks the user to grant the application a higher level of security.

Trusted Application Deployment matches the digital signature of the ClickOnce application against a list of trusted publishers on the local machine.

TrustNotGrantedException will be thrown if:

The application uses permission elevation and the user denies the request for elevated trust; or

The application uses Trusted Application Deployment and the digital certificate used to sign the application is not listed as a trusted publisher on the local machine.If you have deployed an update to an application, and the update uses more permissions than the previous version, and ClickOnce throws a TrustNotGrantedException, the new version will not install.